Managing Remedy Single Sign On

This topic was edited by a BMC Contributor and has not been approved.

Quick overview

Remedy Single Sign-On (Remedy SSO) is an authentication system for a multi-software environment that enables users to present credentials for authentication only once. After Remedy SSO authenticates a user, that user is authenticated automatically to any other application without providing the credentials again.

Remedy SSO supports the following authentication methods:

· BMC Remedy AR System Server
· SAMLv2 (e.g. Okta)
· LDAP
· Kerberos
· Certificate-based
· Remedy SSO authentication or Local authentication
· OAuth 2.0
· OpenID Connect
· Pre-authentication

Based on the organization’s requirement, you can configure any of the authentication methods to authenticate the users for various BMC applications.


For more information on Remedy Single Sign On, please click this page.


Setting up RSSO 

To request RSSO for BMC Helix Cloud Cost and Security, please click on the below link and refer to the Authentication integration.

User Management

When an enterprise user logs in to Cloud Cost or Cloud Security for the first time via Remedy Single Sign-On, a user is created for Cloud Cost or Cloud Security after successful authentication. The user will have "View Only" permission and will be assigned to the tenant organisation by default.

If you want to change the role and organisation, refer to section "Editing role and organization of a user" on this page.


  1. For RSSO to be enabled, a tenant-specific URL is required. For a hypothetical tenant, "Example International Inc.", the tenant-specific URL would be:

  2. If RSSO is not enabled for a tenant,

    a. When the tenant admin invites a new user to the product using the "invite user" functionality, the new user receives an email with the tenant-specific URL. The user can register and log in using this URL.

  3. Once RSSO is enabled for a tenant,
    a. Only SSO users can log in via the tenant-specific URL.

    b. Other native users (non-SSO users), including the user that was used for tenant registration in BMC Helix Cloud Security and BMC Helix Cloud Cost, should use the generic URL below to log in.

    For AWS hosted-

    For BMC Cloud-hosted-

    c. The "invite user" functionality should be avoided. To provide access to the product, the best practice is to onboard the users to the IDP and assign access to the product. When the new user logs in for the first time using RSSO authentication, the user is automatically provisioned in the product with a view-only role. The tenant admin can further elevate the user's permission by assigning an appropriate role in the product.

    d. If a user is invited from the product, the user receives the tenant-specific URL. The tenant admin who invited the user should send a separate email to the invited user with the generic URL to use.
